5 BILLION requests/day. Zero downtime A live migration from Linkerd --> Istio. Careem did it without rewriting mesh-specific CRDs. Thanks to the Gateway API. Migrating between service meshes (for example, Linkerd to Istio) is usually risky because their configuration APIs are

Here is why you should lint your Dockerfile 👇 For those who may not be aware, Linting is the process of checking code for errors, bad practices, or inconsistencies using a linter utility. By linting Dockerfiles, You can catch errors early, improve security, and keep everyone

Most teams will move from Ingress to Kubernetes Gateway API. But do you know how Istio fits into this shift? I wrote a new deep-dive on using Istio Ingress with the Gateway API. Here is what you will learn: - Use the Kubernetes Gateway API with Istio - Do canary traffic

Kubernetes Gateway API is slowly replacing custom mesh routing APIs. In my previous Istio post, I explained what GAMMA is and how it works. I have published a detailed hands-on guide that explains the concepts with clear examples and illustrations. Here is what it covers: -

In my previous Istio post, I briefly spoke about GAMMA. So, what is GAMMA? GAMMA --> Gateway API for Mesh Management and Administration Gateway API was originally designed to manage ingress traffic Meaning from traffic from outside the cluster to services inside the cluster

The Gateway API is intended to become the default API for Istio ingress. In my next post, I will cover how to handle north-south traffic (external to internal) in Istio using the Gateway API. A clear understanding of Gateway API basics is important for this setup. We also

From 300MB to 6MB Container Image 🚀 Here is how 👇 When you build container images, You often start with a base like Ubuntu, Alpine, or Debian. But what if you could start from nothing? ❌ No OS ❌ No shell ❌ No extra files ✅ Just your application & configs That is

With Istio Ambient Mode, you dont need sidecars. Here is how it works 👇 Istio has two modes. Sidecar & Ambient Mode In this sidecar mode, Istio Deploys an Envoy proxy as a sidecar container alongside each application pod. All the traffic (L4-L7) flows through this

SSL management in k8s is a must-know workflow for DevOps engineers. In every project, You will have to deal with TLS certificates. It could be public or internal certificates. One of the best ways to manage SSL in Kubernetes is by using cert-manager. It automates the

New to Istio? I have a simple beginner friendly guide to help you set up Istio on Kubernetes By the end, you will understand, - Different Istio installation modes - Setting up Istio using Helm - How to validate the setup with a demo application & canary release strategy. - Key

Autoscaling in EKS? Most people pick the wrong strategy. The following are the two common ways to do scale EKS. - Cluster Autoscaler - karpenter Lets understand the differences. 𝗖𝗹𝘂𝘀𝘁𝗲𝗿 𝗔𝘂𝘁𝗼𝘀𝗰𝗮𝗹𝗲𝗿: - It operates at the Auto Scaling Group level - It is a

Linux Foudnation Cyber Monday sale is live 🚀 Use code CW25CT at https://t.co/hfilxPxrGa to get flat 50% discount on Individual certifications. Using code CW25BUNCT you can save 60% if you opt for the following k8s certification bundles. - CKA + CKAD: https://t.co/HpiJkbLsIU

You can increase the visibility to your Kubernetes cluster Kubernetes SIG has created a tool called Headlamp, a dashboard you can run on your local system. Headlamp helps you view and manage multiple Kubernetes clusters in one place. You might ask, Why use Headlamp when tools

I found a perfect use case of Kubernetes API Aggregation Layer I have spoken about the k8s API Aggregation Layer before. It helps you add custom Extension API servers to your cluster. Meaning, you can create your own API resource types and make Kubernetes do more than what it

I was never active on X, but I want to give it a try. I plan to share what I learn and build in the tech space, mainly DevOps and Cloud. A quick intro - Started writing about cloud 13 years ago - Publishing DevOps content on DevOpsCube for 11 years - Implementing DevOps

Setting up Pod-level securityContext doesnt work. Here is why 👇 𝗥𝗲𝗮𝗱 𝗶𝘁 𝗛𝗲𝗿𝗲: https://t.co/yvjMJ8riPJ Most folks think setting runAsNonRoot: true at the Pod level makes all containers secure. It should. In theory. But in practice? Pod-level securityContext makes

Kubernetes Swap 𝗥𝗲𝗮𝗱 𝗶𝘁 𝗛𝗲𝗿𝗲: https://t.co/l5IA6zhxcH When you deploy a Pod in Kubernetes, each node uses its physical RAM to run containers. If a node runs out of memory, Kubernetes may start killing Pods to keep the node stable. With kubernetes swap, you can

Most DevOps engineers focus on automation. But, DevOps today is much more than CI/CD pipelines. It is also about understanding how systems actually work and how to design them to survive failures. In that context, One concept that every DevOps engineer should know is the

One of the most overlooked concepts in K8s: Graceful Pod Shutdown If you don’t handle it right, your app may: - Drop user requests - Lose data - Stop mid-process Let’s break it down 👇 1/ When a pod is about to shut down, Kubernetes sends a SIGTERM to your container. If your

By default, Kubernetes has no idea what a GPU is. It only understands resources like CPU and memory. GPUs are a key requirements for AI and ML applications. To make K8s aware of GPUs, you need the device plugin framework. It’s basically a set of APIs that allows third-party